These hackers are unlocking cars remotely, but it’s for a good cause

Design errors in the mobile applications of certain car brands make it possible to take control of the vehicle. Yuga Lab engineers seek out these bugs and report them to the automakers and their contractors.

A hooded man poses in front of a car / Credit: Twitter

Sam Curry is a cybersecurity researcher. With his colleagues from Yuga Lab, he has made a specialty of discovering flaws in connected cars. He discovered that a bug in Hyundai’s mobile app would allow hackers to impersonate you and steal your car. To do this, they just need your email address. He explains: “By adding a control character, carriage return or line feed, at the end of the email address of an existing account, we were able to create an account that bypassed the verification systems.”
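The class of bug described above, shown from the defender's side as an added example (not code from the researchers or from Hyundai): a uniqueness check on the raw string next to a hardened registration path and an audit for look-alike accounts. The function names, the sample addresses and the assumption that a later component trims whitespace are all constructed for illustration.

```python
import unicodedata

class InvalidEmail(ValueError):
    pass

def naive_is_new(email, accounts):
    # Weak check: raw string comparison, so "a@b.c\r\n" looks like a new user.
    return email not in accounts

def downstream_identity(email):
    # Assumption: a later component (session or token issuer) trims whitespace.
    return email.strip().lower()

def canonical_email(email):
    # Normalise once, then refuse anything containing control, format or
    # whitespace characters instead of silently stripping them.
    email = unicodedata.normalize("NFKC", email)
    for ch in email:
        if ch.isspace() or unicodedata.category(ch) in ("Cc", "Cf"):
            raise InvalidEmail(f"disallowed character U+{ord(ch):04X}")
    local, sep, domain = email.rpartition("@")
    if not sep or not local or "." not in domain:
        raise InvalidEmail("not an email address")
    return email.lower()

def hardened_register(email, accounts):
    # Validation, uniqueness check and storage all use the same canonical key.
    key = canonical_email(email)
    if key in accounts:
        raise InvalidEmail("account already exists")
    accounts.add(key)
    return key

def find_shadow_accounts(stored):
    # Audit: stored addresses that are not already canonical but resolve to
    # the same downstream identity as another stored account.
    seen = {e for e in stored if downstream_identity(e) == e}
    return sorted(e for e in stored if e not in seen and downstream_identity(e) in seen)

if __name__ == "__main__":
    accounts = {"owner@example.com"}          # constructed sample data
    probe = "owner@example.com\r\n"           # address with trailing CR/LF
    print(naive_is_new(probe, accounts))      # weak check treats it as new
    print(downstream_identity(probe) in accounts)  # yet it maps to the owner
    print(find_shadow_accounts(accounts | {probe}))
    try:
        hardened_register(probe, accounts)
    except InvalidEmail as exc:
        print("rejected:", exc)
```

The audit function can be run over an exported account table to find entries created before such a check was in place.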

Earlier this year, Mr. Curry and his colleagues also discovered a security flaw that could affect cars of different brands. They then realized that what most of these vehicles had in common was the telematics service provider SiriusXM Connected Vehicles. This company can unlock or lock your car remotely. To do this, it needs either your email address or the vehicle’s VIN code. This company’s technology is highly valued. Its long list of customers includes, among others, Fiat, Land Rover, Lexus, Hyundai, Honda, BMW and Jaguar.

Hackers can get your private data through a simple VIN code

To unlock a car and take control of it, the hackers just needed the vehicle’s VIN code. After submitting this number to the SiriusXM servers, they obtained all the rights needed to unlock the vehicle and take control of it. “You could run commands on the car and collect customer account information just with a VIN code, which you find on the windshield,” says Curry.

SiriusXM’s verification system showed the coordinates and identifiers of its clients in the headers of requests to the server. According to Mr. Curry, once informed of these flaws, companies are quick to deploy a patch. Cybercriminals didn’t have time to exploit them.

Our cars are increasingly connected, and that’s very practical. That said, their growing reliance on computers and wireless technologies increasingly exposes us to the risk of fraud and theft. We remember the series of Bluetooth-related security flaws that allowed a Tesla Model X to be stolen in 90 seconds.
